Scripting language processing engine in data leak prevention application

US 8,776,017 B2
Filed: 07/26/2010
Issued: 07/08/2014
Est. Priority Date: 07/26/2010
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method of preventing leakage of security sensitive documents from an organization involving categorizing documents by classifying the documents according to a security sensitivity of the documents, comprising:

providing a data leak prevention application that categorizes documents by data type in order to prevent leakage of sensitive documents from an organization, a data type being a classification of a document based on what data the document contains, the data type also reflecting an extent to which leakage of the document out of the organization would harm the organization due to what data the document contains;

embedding a scripting language processing engine into the data leak prevention application, the scripting language processing engine forming part of the application as hard code and utilizing a high level programming language;

configuring interaction between the scripting language processing engine and the data leak prevention application, the configuring including modifying existing code or adding new code;

activating relevant code portions of the scripting language processing engine to detect new data types, including setting criteria for when the relevant code portions of the scripting language processing engine activate; and

using the data leak prevention application containing the embedded scripting language processing engine to perform an action to prevent data leakage of the document out of the organization based on new and existing data types.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data leak prevention application that categorizes documents by data type is provided, a data type being a sensitivity classification of a document based on what data the document contains. A scripting language processing engine is embedded into the data leak prevention application, the scripting language forming part of the application as hard code. A user configures interaction of the scripting language processing engine with the application. The configuring may include modifying or adding code or setting criteria for when code portions of the scripting language processing engine activates. The scripting language processing engine is activated to enhance an accuracy of an existing data type or so as to detect a new data type. Upon enhancing the accuracy of the data type, documents may be re-categorized.

Citations

18 Claims

1. A computer implemented method of preventing leakage of security sensitive documents from an organization involving categorizing documents by classifying the documents according to a security sensitivity of the documents, comprising:
- providing a data leak prevention application that categorizes documents by data type in order to prevent leakage of sensitive documents from an organization, a data type being a classification of a document based on what data the document contains, the data type also reflecting an extent to which leakage of the document out of the organization would harm the organization due to what data the document contains;
  
  embedding a scripting language processing engine into the data leak prevention application, the scripting language processing engine forming part of the application as hard code and utilizing a high level programming language;
  
  configuring interaction between the scripting language processing engine and the data leak prevention application, the configuring including modifying existing code or adding new code;
  
  activating relevant code portions of the scripting language processing engine to detect new data types, including setting criteria for when the relevant code portions of the scripting language processing engine activate; and
  
  using the data leak prevention application containing the embedded scripting language processing engine to perform an action to prevent data leakage of the document out of the organization based on new and existing data types.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein a data leak prevention (DLP) administrator performs the configuring.
  - 3. The method of claim 1, further including activating the relevant code portions of the scripting language to enhance the accuracy of the existing data types.

4. A computer implemented method of preventing leakage of security sensitive documents from an organization by classifying the documents according to a sensitivity of the documents, comprising:
- embedding a scripting language processing engine into a data leak prevention application, the scripting language processing engine forming part of the application, interaction of the scripting language processing engine with the data leak prevention application being configurable by a user;
  
  setting criteria for when relevant code portions of the scripting language processing engine activate so as to validate that a particular document is of a particular existing data type or so as to detect that the particular document fits a particular new data type;
  
  activating relevant code portions of the scripting language to either validate an existing data type or to detect a new data type, a data type being a classification of a document containing data based on a sensitivity of the document and based on a type of data the document contains, the sensitivity of the document reflecting an extent to which leakage of the document out of the organization would harm the organization; and
  
  using the data leak prevention application containing the embedded scripting language processing engine to perform an action to prevent data leakage of the document out of the organization based on new and existing data types.
- View Dependent Claims (5, 6, 7, 8, 9)
- - 5. The method of claim 4, wherein a DLP administrator sets the criteria.
  - 6. The method of claim 4, wherein the scripting language processing engine has access to variables available to the data leak prevention application.
  - 7. The method of claim 6, wherein the variables include Internet Protocol (IP) connection details, user names, rule names, data type match, email details and file identification.
  - 8. The method of claim 4, further including activating the relevant code portions of the scripting language processing engine to detect a new data type.
  - 9. The method of claim 4, further including activating the relevant code portions of the scripting language processing engine to validate an existing data type.

10. A computer-implemented method of detecting and preventing leakage of sensitive documents out of a particular organization, comprising:
- using a data leak prevention application to categorize documents by data type, a data type being a classification of a document containing data based on the size of the document and based on a type of data the document contains;
  
  categorizing the documents further based on a protocol of the document;
  
  for email documents, categorizing the email documents further in terms of sensitivity by checking a source and destination of the email documents, the sensitivity of the email documents reflecting an extent to which leakage of the email document of the organization would harm that particular organization; and
  
  a scripting language processing engine embedded in the data leak prevention application validating an accuracy of the data type, interaction of the scripting language processing engine with the data leak prevention application being configurable by a user; and
  
  using the data leak prevention application containing the embedded scripting language processing engine to perform an action to prevent data leakage of the document out of the organization.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10, wherein the data type includes compound data types.
  - 12. The method of claim 10, wherein the scripting language has features that allow the scripting language processing engine to be used in security-critical software.

13. A computer-implemented method of detecting and preventing leakage of sensitive documents from a particular organization, comprising:
- using a data leak prevention application to select a sensitivity category for a document based on a size of the document, a data type and a protocol of the document, the sensitivity category reflecting an extent to which leakage of the document out of the organization would harm that particular organization;
  
  checking a source and destination of the document if the protocol is for email;
  
  a user configuring interaction of a scripting language processing engine with the data leak prevention application to activate code portions of the scripting language processing engine at a run time event of the data leak prevention application, the scripting language processing engine embedded in the data leak prevention application and having access to data accessible to the data leak prevention application;
  
  using the scripting language processing engine to validate the data type of the document;
  
  re-selecting a sensitivity category for the document based on the validation; and
  
  using the data leak prevention application containing the embedded scripting language processing engine to perform an action to prevent data leakage of the document out of the organization based on the re-selection of the sensitivity category for the document.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, further including using the data leak prevention application to perform an action to block further outgoing dissemination of the document out of the organization.
  - 15. The method of claim 14, wherein the data accessible to the data leak prevention application includes IP connection details, user name, rule name, data type match, email details or file identification.
  - 16. The method of claim 13, further including selecting the sensitivity category of the document based on a data type characterized by a frequency that an identification number occurs in the document, the identification number identifying an individual customer, individual subscriber, individual citizen or individual member of the particular organization, the identification number occurring in the document unrelated to any step performed by the data leak prevention application applied on the document.
  - 17. The method of claim 16, wherein validating the data type means validating the identification number.

18. A data leak prevention system for an organization, comprising:
- a processor;
  
  a data leak prevention (DLP) application executable by the processor;
  
  a scripting language processing engine embedded into the DLP application and forming part of the hard code thereof, an interaction of the scripting language processing engine with the data leak prevention application configurable by a user;
  
  the scripting language processing engine including snippets that activate based on criteria configurable by a user at run time events of the data leak prevention application, the snippets also modifiable by a user, the scripting language processing engine configurable by a user to identify whether a document should be assigned a data type based on at least one of (i) a presence and (ii) a frequency of appearance, in the document of a valid identification number, the identification number identifying at least one of an individual customer, individual member, individual citizen or individual subscriber of the organization, the identification number'"'"'s presence or frequency in the document unrelated to any step performed by the data leak prevention application on the document; and
  
  documents of various data types stored by the user and categorized by the data leak prevention application as to sensitivity upon the scripting language processing engine validating existing data types or creating new data types, the sensitivity reflecting an extent to which leakage of the document out of the organization would harm the organization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Check Point Software Technologies Limited
Original Assignee
Check Point Software Technologies Limited
Inventors
Mor, Aviad, Gonda, Oded, Raz, Ofer, LeGrow, Matt, Perlmutter, Amnon
Primary Examiner(s)
Chen, Xi D

Application Number

US12/843,056
Publication Number

US 20120023480A1
Time in Patent Office

1,443 Days
Field of Search

None
US Class Current

717/115
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Scripting language processing engine in data leak prevention application

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Scripting language processing engine in data leak prevention application

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links